Description

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

Remediation

References

CVE-2013-2081

Related Vulnerabilities

Oracle JRE CVE-2013-0432 Vulnerability (CVE-2013-0432)

WordPress Plugin LionScripts:IP Blocker Lite Cross-Site Request Forgery (10.3)

ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)

WordPress Plugin Newsletter-Send awesome emails from WordPress Unspecified Vulnerability (4.1.1)

Apache Tomcat version older than 7.0.30

Severity

Medium

Classification

CVE-2013-2081 CWE-264

Tags

Missing Update Known Vulnerabilities